本文详细介绍了在一个网络环境中如何进行OSPF子网划分,配置MGRE隧道,实现多分支站点连接。通过RIP协议重发布至OSPF,并利用NAT技术实现内网访问公网。同时,调整了部分路由器的优先级以避免选举问题,确保了网络连通性。
OSPF综合大实验(一)
标题
一、子网划分
1、划分思路
因为该拓扑有11个网段,因此我们需要在后16位取4位用作网络位(2^4=16,11位于9至16之间)
1、0000 0000——172.16.0.0/20
2、0001 0000——172.16.16.0/20
3、0010 0000——172.16.32.0/20
4、0011 0000——172.16.48.0/20
5、0100 0000——172.16.64.0/20
6、0101 0000——172.16.80.0/20
7、0110 0000——172.16.96.0/20
8、0111 0000——172.16.112.0/20
9、1000 0000——172.16.128.0/20
10、1001 0000——172.16.144.0/20
11、1010 0000——172.16.160.0/20
2、拓扑图
3、配置各个接口的IP地址(注意在拓扑图上标注接口IP的简写)
4、配置各路由器的环回地址——12.0.1.1-12.0.1.12——便于以后的路由汇总(处于同一网段就行,没有什么特殊要求)
二、配置MGRE环境,R3是中心站点
1、R3:(R3是中心站点)
interface Tunnel0/0/0——————————创建一个虚接口
ip address 10.0.1.1 255.255.255.0 ————————————————配置虚接口的IP地址
tunnel-protocol gre p2mp———————————使用MGRE协议——————————MGRE使用的是点到多点,P2mp是点到多点
source GigabitEthernet0/0/2——————————R3路由器的源IP地址
ospf network-type p2mp
nhrp entry multicast dynamic————————中心站点设置,组播动态转换
nhrp network-id 100
2、R5——R7分站点的配置
R5:
[V200R003C00]
#
interface Tunnel0/0/0
ip address 10.0.1.2 255.255.255.0
tunnel-protocol gre p2mp
source GigabitEthernet0/0/0
ospf network-type p2mp
nhrp network-id 100
nhrp entry 10.0.1.1 172.16.32.1 register
#
R6:
[V200R003C00]
#
interface Tunnel0/0/0
ip address 10.0.1.3 255.255.255.0
tunnel-protocol gre p2mp
source GigabitEthernet0/0/0
ospf network-type p2mp
nhrp network-id 100
nhrp entry 10.0.1.1 172.16.32.1 register
#
return
R7[V200R003C00]
#
interface Tunnel0/0/0
ip address 10.0.1.4 255.255.255.0
tunnel-protocol gre p2mp
source GigabitEthernet0/0/0
ospf network-type p2mp
nhrp network-id 100
nhrp entry 10.0.1.1 172.16.32.1 register
return
4、检查R3各分支站点的信息
[Huawei]dis nhrp peer all
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
10.0.1.2 32 172.16.48.2 10.0.1.2 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:02:57
Expire time : 01:57:03
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
10.0.1.3 32 172.16.64.2 10.0.1.3 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:01:24
Expire time : 01:58:36
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
10.0.1.4 32 172.16.80.1 10.0.1.4 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:00:31
Expire time : 01:59:29
三、若使R3、R5、R6、R7访问ISPR4的外网,则需要对R3、R5、R6、R7做缺省路由指向R4
1、缺省路由思路
ip route-static 0.0.0.0 0 下一跳地址(做的路由器的下一跳)
2、各个路由器的下一跳地址
R3:
ip route-static 0.0.0.0 0 172.16.32.2
R5:
ip route-static 0.0.0.0 0 172.16.48.1
R6:
ip route-static 0.0.0.0 0 172.16.64.1
R7:
ip route-static 0.0.0.0 0 172.16.80.2
3、R3、R5、R6、R7路由器访问公网
[Huawei]ping 1.1.1.1——————————R4的环回定为1.1.1.1
PING 1.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=20 ms
Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=255 time=30 ms
四、开启ospf、进行宣告、处理不规则区域area 4
1、划分区域(见图)
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-cQWeKtN4-1626191574436)(C:\Users\lenovo\AppData\Roaming\Typora\typora-user-images\image-20210713183707320.png)]
2、开启ospf,并进行宣告
1、area 0:
R5:
[V200R003C00]
#
area 0.0.0.0
network 12.0.1.5 0.0.0.0
network 172.16.48.2 0.0.0.0
#
R6:
[V200R003C00]
#
area 0.0.0.0
network 12.0.1.6 0.0.0.0
network 172.16.64.2 0.0.0.0
#
return
R7:
[V200R003C00]
#
area 0.0.0.0
network 12.0.1.7 0.0.0.0
network 172.16.80.1 0.0.0.0
#
return
R3的g0/0/1接口:
[V200R003C00]
#
area 0.0.0.0
network 172.16.32.1 0.0.0.0
#
return
2、area 1
R3:
[V200R003C00]
#
area 0.0.0.1
network 12.0.1.3 0.0.0.0
network 172.16.0.2 0.0.0.0
network 172.16.16.2 0.0.0.0
#
return
R2:
#
area 0.0.0.1
network 12.0.1.2 0.0.0.0
network 172.16.16.1 0.0.0.0
#
return
R1#
area 0.0.0.1
network 12.0.1.1 0.0.0.0
network 172.16.0.1 0.0.0.0
#
return
area 2
R6的g0/0/1口:
[V200R003C00]
#
area 0.0.0.2
network 172.16.144.1 0.0.0.0
#
return
R11:
#
area 0.0.0.2
network 172.16.144.2 0.0.0.0
network 172.16.160.1 0.0.0.0
network 12.0.1.11 0.0.0.0
#
return
R12:
#
area 0.0.0.2
network 172.16.160.2 0.0.0.0
nssa
#
return
area 3:
R7的g0/0/1口:
[V200R003C00]
#
area 0.0.0.3
network 172.16.96.1 0.0.0.0
#
return
R8:
#
area 0.0.0.3
network 172.16.96.2 0.0.0.0
network 12.0.1.8 0.0.0.0
network 172.16.112.1 0.0.0.0
#
return
R9的e0/0/0口:
#
area 0.0.0.3
network 172.16.112.2 0.0.0.0
#
return
area 4
*注:由于area 4为远离骨干的非骨干区域,是一个不规则区域;因此需要采用ospf多进程重发布来解决,则area 4的ospf进程为2
R9:
#
area 0.0.0.4
network 12.0.1.9 0.0.0.0
network 172.16.128.1 0.0.0.0
#
return
R10:
#
area 0.0.0.4
network 12.0.1.10 0.0.0.0
network 172.16.128.2 0.0.0.0
#
return
2、多进程双向重发布——在边界路由器R9上
[Huawei-ospf-2]import-route ospf 1————————在ospf 1对ospf 2进行重发布
[Huawei-ospf-1]import-route ospf ————————在ospf 2对ospf 1进行重发布
五、在R12路由器上配置RIP,并重发布到ospf中
1、RIP——路由信息协议
1.RIP的三个版本:
A.RIPV1:是一种有类别的距离矢量型路由协议
B.RIPV2:是一种无类别的距离矢量型路由协议
C.RIPNG:在IPV6中使用
2.启用RIP协议
[Huawei]rip 1——————————距离矢量路由
[Huawei-rip-1]ver 2————————版本2
[Huawei-rip-1]net 12.0.0.0——————宣告主类网的网段
3、RIP 1和ospf 1双向重发布
[Huawei]rip 1
[Huawei-rip-1]import-route ospf 1
[Huawei]ospf 1
[Huawei-ospf-1]import-route rip 1
六、在R3、R5、R6、R7的MGRE环境里将R5——R7的优先级改为0,使其不参加选举
[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ospf d
[Huawei-GigabitEthernet0/0/0]ospf dr-priority 0
七、内网访问公网R4,运用NAT技术(给R3、R6、R7配置NAT)
1、R3
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 p
[Huawei-acl-basic-2000]rule 5 permit so
[Huawei-acl-basic-2000]rule 5 permit source 172.16.32.2 0.0.0.0
[Huawei-acl-basic-2000]q
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]nat outbound 2000
[Huawei-GigabitEthernet0/0/2]display nat outbound
NAT Outbound Information:
--------------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
--------------------------------------------------------------------------
GigabitEthernet0/0/2 2000 172.16.32.1 easyip
--------------------------------------------------------------------------
2、R6
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 permit source 172.16.64.2 0.0.0.0
[Huawei-acl-basic-2000]q
[Huawei]int
[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]nat outbound 2000
[Huawei-GigabitEthernet0/0/0]dis nat out
NAT Outbound Information:
--------------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
--------------------------------------------------------------------------
GigabitEthernet0/0/0 2000 172.16.64.2 easyip
--------------------------------------------------------------------------
3、R7
[Huawei-acl-basic-2000]rule 5 permit source 172.16.80.1 0.0.0.0
[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]nat outbound 2000
[Huawei-GigabitEthernet0/0/0]dis nat out
NAT Outbound Information:
--------------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
--------------------------------------------------------------------------
GigabitEthernet0/0/0 2000 172.16.80.1 easyip
--------------------------------------------------------------------------
Total : 1
八、检验连通性
1、拼通公网环回
1.R6 ping R4:
[Huawei]ping 1.1.1.1
PING 1.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=255 time=40 ms
4024
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
